
Endress+Hauser: Promass 83 with EtherNet/IP affected by a stack-based buffer overflow

VDE-2021-040
Last update
14.05.2025 14:28
Published at
04.10.2021 14:30
Vendor(s)
Endress+Hauser AG
External ID
VDE-2021-040

Summary

Promass 83 devices utilizing the 499ES EtherNet/IP (ENIP) Stack by Real Time Automation (RTA) are vulnerable to a stack-based buffer overflow.

Update A, 2021-10-07:

added credits
changed title from "ENDRESS+HAUSER: Promass 83 with Ether/IP affected by DoS vulnerability" to "ENDRESS+HAUSER: Promass 83 with EtherNet/IP affected by a stack-based buffer overflow"

Impact

The vulnerability described can lead to a denial of service or even remote code execution.

Affected Product(s)

Model no. Product name Affected versions
Promass 83 Firmware 1.00.00

Vulnerabilities

Published
22.09.2025 14:58
Weakness
Stack-based Buffer Overflow (CWE-121)
Summary

The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device.

References

Mitigation

If an immediate firmware update is not possible, the only way to prevent an attack is to disable communication via EtherNet/IP.

Remediation

Endress+Hauser provides updated firmware versions (Firmware versions >1.00.00) for the related product from the Proline portfolio that fix the vulnerability. Endress+Hauser strongly recommends that customers update to the new fixed version. For support, please contact your local service center.

Revision History

Version Date Summary
1 04.10.2021 14:30 Initial revision.
2 07.10.2021 12:00 Update A
3 14.05.2025 14:28 Fix: firmware category, added distribution